Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Rob Watkins 313 posts 490 karma points
    May 16, 2017 @ 09:32
    Rob Watkins
    0

    417 Missing token suddenly occurring on all our sites

    We have several Umbraco sites that have been working fine, then on Monday (15th May) clients on various sites starting reporting that they were seeing no content on login.

    Checking it out, it is returning 417 Missing Token on various services on login; an F5 will make everything work.

    It is consistent every time; log in, nothing works, F5, everything works.

    Seems to be a common error but with various causes; I have cleared cookies, restarted site, no dice. Reproducible every time.

    The initial login sends a UMB_UCONTEXT cookie (and my app cookie for site users).

    The F5 sends that + cookies XSRF-TOKEN and XSRF-V, and extra header X-XSRF-TOKEN.

    Replaying the requests in the object inspector will reliably give the same results, so clearly it is the headers that are causing the problem.

    Any ideas how to fix? And why it's suddenly started happening?

  • Rob Watkins 313 posts 490 karma points
    May 16, 2017 @ 15:21
    Rob Watkins
    0

    Update: 7.5 works; so we can upgrade if it is not patchable.

    I would prefer a fix however.

  • Craig Mayers 79 posts 265 karma points
    May 16, 2017 @ 15:41
    Craig Mayers
    0

    Hi Rob,

    I have seen this issue a few times...

    I would suggest just simply upgrading if it is feasible for you. If you manage to find a fix, please post it here for the rest of the community. ;)

    Good luck!

    Craig

  • Bob 35 posts 157 karma points
    May 16, 2017 @ 17:23
    Bob
    0

    Same issue.... I don't have the option to upgrade but I would prefer a fix?? Is this something Umbraco have done or something that had been caused by a change?

  • Ihor 9 posts 71 karma points
    May 16, 2017 @ 18:32
    Ihor
    0

    I have the same issue.... Please let community know if somebody find fix

  • Ihor 9 posts 71 karma points
    May 16, 2017 @ 20:52
    Ihor
    0

    Hi All,

    Looks like I found a workaround. I cannot upgrade Umbraco to the latest version so I had to find a solution. For now, I use version 7.2.8

    So I downloaded Umbraco sources from here: https://github.com/umbraco/Umbraco-CMS/releases/tag/release-7.2.8

    And made a small change in AuthenticationController from Umbraco.Web project

    1) Deleted SetAngularAntiForgeryTokens attribute from PostLogin method

    2) Added new private method (in fact just copied piece of code from SetAngularAntiForgeryTokensAttribute)

    private void ValidateCookies(HttpContextBase context) {
           if (context.Request.Cookies.Get(AngularAntiForgeryHelper.AngularCookieName) != null
                && context.Request.Cookies.Get(AngularAntiForgeryHelper.CsrfValidationCookieName) != null)
            {
                return;
            }
    
            string cookieToken, headerToken;
            AngularAntiForgeryHelper.GetTokens(out cookieToken, out headerToken);
    
            var angularCookie = new HttpCookie(AngularAntiForgeryHelper.AngularCookieName, headerToken)
            {
                Path = "/",
                //must be js readable
                HttpOnly = false,
                Secure = GlobalSettings.UseSSL
            };
    
            var validationCookie = new HttpCookie(AngularAntiForgeryHelper.CsrfValidationCookieName, cookieToken)
            {
                Path = "/",
                HttpOnly = true,
                Secure = GlobalSettings.UseSSL
            };
    
            context.Response.Cookies.Add(angularCookie);
            context.Response.Cookies.Add(validationCookie);
        }
    

    3) Use this method from PostLogin method (just before return)

         ...
         ValidateCookies(http.Result);
         return result;
    

    So it looks like something wrong with cookies when we set it from ActionFIlter. It simply does not return cookies in response.

    Briefly tested it on two different websites and it looks fine now. I can log in and there isn't broken token errors. Maybe it breaks something else so I will make more tests

    Please let me know if somebody find another solution.

    Thanks Ihor

  • Josh G 3 posts 23 karma points
    18 days ago
    Josh G
    0

    Hi Ihor,

    Have you continued to use this fix without any issues?

    Are you able to provide the updated DLL files?

    Thanks

  • Ihor 9 posts 71 karma points
    4 days ago
    Ihor
    0

    Hi Josh,

    Sorry for delay with answer. You can download umbraco.dll by this link umbraco dll

    Thanks

  • Bob 35 posts 157 karma points
    May 19, 2017 @ 18:42
    Bob
    0

    We still have this issue. Surprised no one from Umbraco had come forward to explain why this occurred in the first place

  • Rasmus Söderström 1 post 71 karma points
    May 23, 2017 @ 09:02
    Rasmus Söderström
    0

    We also have this issue. Can confirm this occurs on multiple versions, up to 7.2.8. More details on our issue here: http://issues.umbraco.org/issue/U4-9873

    We think our issue first appeared when migrating to Windows Server 2016.

    Have you made any changes to the hosting environment?

  • Pradip 22 posts 114 karma points
    Jun 08, 2017 @ 11:16
    Pradip
    0

    Hello All,

    I am facing the same issue with Umbraco version 7.1.4 assembly: 1.0.5261.28127 from 15 th May.

    Not able to find the below files in umbraco folder :

    umbraco/backoffice/UmbracoApi/UpdateCheck/GetCheck Failed to load resource: the server responded with a status of 417 (Missing token)

    umbraco/backoffice/UmbracoApi/Section/GetSections Failed to load resource: the server responded with a status of 417 (Missing token)

    umbraco/backoffice/UmbracoApi/Dashboard/GetDashboard?section=content Failed to load resource: the server responded with a status of 417 (Missing token)

    umbraco/backoffice/UmbracoApi/Authentication/GetRemainingTimeoutSeconds Failed to load resource: the server responded with a status of 417 (Missing token)

    Also I don't have backoffice folder in the installed umbraco site folder.

    Help me its urgent.

    Thanks in advance. Pradip

  • Mohsin Bhatti 3 posts 71 karma points
    Jun 08, 2017 @ 12:21
    Mohsin Bhatti
    0

    Hello All,

    we have facing the same issue with Umbraco version 7.1.4 assembly: 1.0.5261.28127

    when we login to umbraco; get blank frames from left side. Left menu is completely empty because of error that show in console(please see the image).

    If we reload(press F5) the page it works fine.It is consistent every time; log in, nothing works, F5, everything works.

    we also try to clear cookies and caches of browser. But still issue remain same.

    Is this something Umbraco have done or something that had been caused by a change?

    we get the following errors in the backoffice.

    Failed to load resource: the server responded with a status of 417 /umbraco/backoffice/UmbracoApi/UpdateCheck/GetCheck

    Failed to load resource: the server responded with a status of 417 (Missing token) /umbraco/backoffice/UmbracoApi/Section/GetSections

    Failed to load resource: the server responded with a status of 417 (Missing token) /umbraco/backoffice/UmbracoApi/Dashboard/GetDashboard?section=content

    Failed to load resource: the server responded with a status of 417 (Missing token) /umbraco/backoffice/UmbracoApi/Authentication/GetRemainingTimeoutSeconds

    Failed to load resource: the server responded with a status of 417 (Missing token) angular.min.js:106 POST /umbraco/backoffice/UmbracoApi/Authentication/PostLogout 417 (Missing token)

    Anyone has an solution to this problem?enter image description here

  • Daniel Reagan 18 posts 70 karma points
    Jun 13, 2017 @ 13:06
    Daniel Reagan
    1

    Umbraco 7.2.8 -- Server 2012 sp1

    removing KB4014604 fixed the issue for us

  • Søren Kottal 233 posts 1254 karma points c-trib
    27 days ago
    Søren Kottal
    0

    Can anyone confirm that this works in 7.5, with KB4014604 installed?

  • Søren Kottal 233 posts 1254 karma points c-trib
    25 days ago
    Søren Kottal
    0

    An update on this:

    I have a solution on 7.3.1 that is not affected, also solutions on 7.4 and 7.5 without problems.

    So if you need to upgrade, you don't necessarily need to go all the way up :)

  • Dean Bullock 4 posts 105 karma points
    25 days ago
    Dean Bullock
    1

    I had this issue on 7.6.3 when I changed the web.config to umbracouseSSL to true. I found clearing my cookies then logging back in fixed the issue.

Please Sign in or register to post replies

Write your reply to:

Draft